CVE List - 2025 / August
Showing 301 - 400 of 3631 CVEs for August 2025 (Page 4 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-8537 | 2025-08-05 | Axiomatic Bento4 mp4decrypt Mp4Decrypt.cpp SetDataSize allocation of resources |
| CVE-2025-8538 | 2025-08-05 | Portabilis i-Educar novo cross site scripting |
| CVE-2025-8539 | 2025-08-05 | Portabilis i-Educar public_distrito_cad.php cross site scripting |
| CVE-2025-8540 | 2025-08-05 | Portabilis i-Educar public_municipio_cad.php cross site scripting |
| CVE-2025-53417 | 2025-08-05 | File Parsing Deserialization of Untrusted Data in DTM Soft |
| CVE-2025-8541 | 2025-08-05 | Portabilis i-Educar public_uf_cad.php cross site scripting |
| CVE-2025-8542 | 2025-08-05 | Portabilis i-Educar empresas_cad.php cross site scripting |
| CVE-2025-8543 | 2025-08-05 | Portabilis i-Educar educar_raca_cad.php cross site scripting |
| CVE-2025-8544 | 2025-08-05 | Portabilis i-Educar edit cross site scripting |
| CVE-2025-8545 | 2025-08-05 | Portabilis i-Educar educar_motivo_afastamento_cad.php cross site scripting |
| CVE-2025-54868 | 2025-08-05 | LibreChat exposes arbitrary chats through Meilisearch engine |
| CVE-2025-8546 | 2025-08-05 | atjiu pybbs Verification Code login Captcha |
| CVE-2025-8547 | 2025-08-05 | atjiu pybbs Email Verification improper authorization |
| CVE-2025-54982 | 2025-08-05 | SAML 2.0 Public Key Validation Issue |
| CVE-2025-8548 | 2025-08-05 | atjiu pybbs Registered Email SettingsApiController.java sendEmailCode information exposure |
| CVE-2025-8549 | 2025-08-05 | atjiu pybbs UserAdminController.java update weak password |
| CVE-2025-8315 | 2025-08-05 | WP Easy Contact <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter |
| CVE-2025-7050 | 2025-08-05 | Use-your-Drive \| Google Drive plugin for WordPress <= 3.3.1 - Unauthenticated Stored Cross-Site Scripting via File Metadata |
| CVE-2025-8313 | 2025-08-05 | Campus Directory <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter |
| CVE-2025-8550 | 2025-08-05 | atjiu pybbs list cross site scripting |
| CVE-2025-6207 | 2025-08-05 | WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-5061 | 2025-08-05 | WP Import Export Lite <= 3.9.29 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-8295 | 2025-08-05 | Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter |
| CVE-2025-8294 | 2025-08-05 | Download Counter <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter |
| CVE-2025-8551 | 2025-08-05 | atjiu pybbs list cross site scripting |
| CVE-2025-8552 | 2025-08-05 | atjiu pybbs list cross site scripting |
| CVE-2025-41698 | 2025-08-05 | Draeger: ICMHelper is vulnerable to a privilege escalation due to missing authorization |
| CVE-2025-2810 | 2025-08-05 | Draeger: ICMHelper is vulnerable to use of Hard-coded Cryptographic Key |
| CVE-2025-8553 | 2025-08-05 | atjiu pybbs list cross site scripting |
| CVE-2025-8554 | 2025-08-05 | atjiu pybbs list cross site scripting |
| CVE-2025-8555 | 2025-08-05 | atjiu pybbs search cross site scripting |
| CVE-2025-54948 | 2025-08-05 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. |
| CVE-2025-54987 | 2025-08-05 | A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially... |
| CVE-2025-7025 | 2025-08-05 | Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation |
| CVE-2025-7032 | 2025-08-05 | Rockwell Automation Stack-based Buffer Overflow In Arena® Simulation |
| CVE-2025-7033 | 2025-08-05 | Rockwell Automation Heap-based Buffer Overflow In Arena® Simulation |
| CVE-2024-52890 | 2025-08-05 | IBM Engineering Lifecycle Optimization - Publishing cross-site scripting |
| CVE-2025-46958 | 2025-08-05 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-54874 | 2025-08-05 | OpenJPEG allows OOB heap memory write in opj_jp2_read_header |
| CVE-2025-47152 | 2025-08-05 | An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to... |
| CVE-2025-27931 | 2025-08-05 | An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an... |
| CVE-2025-2611 | 2025-08-05 | ICTBroadcast <= 7.4 Unauthenticated Session Cookie RCE |
| CVE-2025-8584 | 2025-08-05 | libav AVI File Parser buffer.c av_buffer_unref null pointer dereference |
| CVE-2025-7674 | 2025-08-05 | navify Monitoring API input validation |
| CVE-2025-54254 | 2025-08-05 | Adobe Experience Manager \| Improper Restriction of XML External Entity Reference ('XXE') (CWE-611) |
| CVE-2025-54253 | 2025-08-05 | Adobe Experience Manager \| Incorrect Authorization (CWE-863) |
| CVE-2025-8585 | 2025-08-05 | libav DSS File Demuxer avconv.c main double free |
| CVE-2025-8586 | 2025-08-05 | libav MPEG File Parser utils.c ff_seek_frame_binary null pointer dereference |
| CVE-2014-125113 | 2025-08-05 | Dell/Quest KACE K1000 Unauthenticated File Upload RCE |
| CVE-2013-10064 | 2025-08-05 | ActFax 5.01 RAW Server Buffer Overflow |
| CVE-2012-10031 | 2025-08-05 | BlazeVideo HDTV Player Pro 6.6.0.3 Filename Handling Buffer Overflow |
| CVE-2012-10034 | 2025-08-05 | ClanSphere 2011.3 Local File Inclusion via cs_lang Cookie |
| CVE-2013-10069 | 2025-08-05 | D-Link Devices Unauthenticated RCE |
| CVE-2013-10068 | 2025-08-05 | Foxit Reader <= 5.4.5.0114 Plugin URL Processing Buffer Overflow |
| CVE-2012-10030 | 2025-08-05 | FreeFloat FTP Server Arbitrary File Upload |
| CVE-2012-10023 | 2025-08-05 | FreeFloat FTP Server USER Command Buffer Overflow |
| CVE-2013-10067 | 2025-08-05 | Glossword 1.8.8 - 1.8.12 Arbitrary File Upload RCE |
| CVE-2013-10066 | 2025-08-05 | Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload |
| CVE-2012-10032 | 2025-08-05 | Maxthon3 about:history XCS Trusted Zone Code Execution |
| CVE-2012-10029 | 2025-08-05 | Nagios XI Network Monitor Graph Explorer Component < 1.3 Authenticated Command Injection |
| CVE-2012-10033 | 2025-08-05 | Narcissus backend.php Image Configuration Command Injection |
| CVE-2012-10028 | 2025-08-05 | Netwin SurgeFTP <= v23c8 Authenticated RCE |
| CVE-2013-10070 | 2025-08-05 | PHP-Charts v1.0 PHP Code Execution |
| CVE-2013-10065 | 2025-08-05 | Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS |
| CVE-2012-10035 | 2025-08-05 | Turbo FTP Server 1.30.823/826 PORT Command Buffer Overflow |
| CVE-2012-10025 | 2025-08-05 | WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion |
| CVE-2012-10026 | 2025-08-05 | WordPress Plugin Asset-Manager <= 2.0 PHP File Upload |
| CVE-2012-10027 | 2025-08-05 | WordPress Plugin WP-Property <= 1.35.0 PHP File Upload |
| CVE-2012-10024 | 2025-08-05 | XBMC ≤ 11.0 Web Server Path Traversal |
| CVE-2025-53534 | 2025-08-05 | RatPanel can perform remote command execution without authorization |
| CVE-2025-8573 | 2025-08-05 | Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page |
| CVE-2025-8571 | 2025-08-05 | Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page |
| CVE-2025-32430 | 2025-08-05 | XWiki Platform contains Reflected XSS vulnerability in two templates |
| CVE-2025-54124 | 2025-08-05 | XWiki Platform: Any user with editing rights can access password properties through Database List Properties |
| CVE-2025-54125 | 2025-08-05 | XWiki Platform: Password and email exposure in xml.vm fields |
| CVE-2025-54594 | 2025-08-05 | react-native-bottom-tabs: Arbitrary code execution in GitHub Actions canary workflow leads to secret exfiltration |
| CVE-2025-54801 | 2025-08-05 | Fiber Susceptible to Crash via `BodyParser` Due to Unvalidated Large Slice Index in Decoder |
| CVE-2025-54869 | 2025-08-05 | FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser |
| CVE-2025-54873 | 2025-08-05 | RISC Zero Underconstrained Vulnerability: Division |
| CVE-2025-54876 | 2025-08-05 | Jans CLI stores plaintext passwords in the local cli_cmd.log file |
| CVE-2025-54883 | 2025-08-05 | Vision UI's security-kit Contains Cryptographic Weakness |
| CVE-2025-54884 | 2025-08-05 | Vision UI security-kit.js: Potential Uncontrolled Resource Allocation Vulnerability |
| CVE-2025-54571 | 2025-08-05 | ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure |
| CVE-2025-54879 | 2025-08-05 | Mastodon e‑mail throttle misconfiguration allows unlimited email confirmations against unconfirmed emails |
| CVE-2025-54872 | 2025-08-05 | onion-site-template tor Secrets Baked Into Image |
| CVE-2024-55398 | 2025-08-06 | 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. |
| CVE-2024-55399 | 2025-08-06 | 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF). |
| CVE-2024-55402 | 2025-08-06 | 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. |
| CVE-2025-30127 | 2025-08-06 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and... |
| CVE-2025-45764 | 2025-08-06 | jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in... |
| CVE-2025-45766 | 2025-08-06 | poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by... |
| CVE-2025-46659 | 2025-08-06 | An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request. |
| CVE-2025-46660 | 2025-08-06 | An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt. |
| CVE-2025-50233 | 2025-08-06 | A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By... |
| CVE-2025-50234 | 2025-08-06 | MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sys_auth($pic, 1)... |
| CVE-2025-50286 | 2025-08-06 | A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted... |
| CVE-2025-50740 | 2025-08-06 | AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID. |
| CVE-2025-51040 | 2025-08-06 | Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2. |
| CVE-2025-51052 | 2025-08-06 | A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'. |
| CVE-2025-51053 | 2025-08-06 | A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser. |